21

117

Section 9.4.3.3

The informative note at the end of the first bulleted item is deleted.

22

110

Section 9.4.3.5

The following is added to item 7 as a new sub-item c.:

c.

Content owners may optionally allow the SM to automatically assume trust in remote SPBs (i.e., have the SM trust security devices without their certificate information appearing on the TDL). To support this feature, a unique "assume trust" certificate thumbprint is specified as the "SHA-1 of the empty string".The Base64 value of this string shall be "2jmj7l5rSw0yVb/vlWAYkK/YBwk=" for this exclusive use. When the KDM's DeviceList carries exclusively (only) the assume trust thumbprint, the SM shall consider the auditorium suite certificates collected during TLS session establishment as being "on the TDL." In other words, the SM shall act as if the TDL requirement has been satisfied. SM behavior shall otherwise follow all rules of this section. Should the KDM's DeviceList carry any thumbprint in addition to the assume trust thumbprint, the SM shall ignore this part (c) rule. The assume trust thumbprint shall not be used to enable special auditorium situations per item 16 below.

23

118

Section 9.4.3.7

In the third bulleted item, the words "clock offset" are replaced with the word "time". In the second sentence of the last bulleted item, the words "SPB's clock" are replaced with the words "SPB's time".

24

120

Section 9.4.4.1

The second sentence of item g. is replaced with the following text:

The SM may key the multiple LDB/projector configuration using the same LE key for each LDB/projector system.

25

122

Section 9.4.5.2.4

The two references to "SMPTE 430-6-2007" are changed to read "SMPTE 430-6-2008".

26

123

Section 9.4.5.2.4

In Table 15, the first Function entries of the two sections are incorrectly shown as part of the bolded category title.
The StartSuite function reads in its entirety as:

Commands SM to establish TLS sessions with remote SPBs

The BadRequest function reads in its entirety as:

Special "Response" indicating failure to process a "Request"

27

123

Section 9.4.5.3.2

The three references to "SMPTE 430-6-2007" are changed to read

"SMPTE 430-6-2008".

28

124

Section 9.4.5.3.2

The following is added as a fifth bulleted item:

When performing TLS 1.0 handshake mutual authentication, it shall be permissible for the TLS client and server devices to deliver only the respective SPB device leaf certificate.

33

148

Section 9.7.7

The first two sentences of this section are changed to read:

No more than 256 keys shall be used to encrypt the essence of a single composition (i.e., Composition Playlist). To support multiple shows, the Media Decryptor shall be capable of securely caching at least 512 keys.